IE 7 8 9 Browsing History

Overview

Evidence: IE 7,8,9 Browsing History Description: Collect visited URLs from Internet Explorer Category: Applications Platform: windows Short Name: ihst Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): Yes

Background

Internet Explorer 7, 8, and 9 store browsing history in index.dat files using the MSIECF (Microsoft Internet Explorer Cache File) format. These files contain URLs visited, access timestamps, and visit counts.

Index.dat files are located in various user profile directories depending on Windows version (XP vs Vista+).

Data Collected

This collector gathers structured data about ie 7,8,9 browsing history.

IE 7,8,9 Browsing History Data

Field

Description

Example

BrowserAccessTime

When URL was accessed

2023-10-15T14:30:00

BrowserAccessCount

Number of times visited

BrowserURL

URL visited

https://www.example.com

Browser

Browser identifier

IE 7-8-9

Collection Method

This collector:

Searches for index.dat files in multiple locations:
- Legacy XP paths in Documents and Settings
- Vista+ paths in Users\*\AppData\Local\Microsoft\Windows
Collects index.dat files
Parses using libmsiecf library
Extracts URLs, timestamps, and visit counts

Forensic Value

IE browsing history reveals web activity and can indicate phishing, malware downloads, or unauthorized access. Investigators use this data to reconstruct web browsing activity, identify malicious websites visited, detect phishing attacks, correlate with downloads and malware infections, and establish user intent through browsing patterns.

PreviousIE 10 11 Edge Browsing History NextIIS Logs

Last updated 3 days ago

Was this helpful?